Security Risk Assessment Management Threat Vulnerabilities

Anonymous

Question Description

Assignment Instructions

You are the IT and Security Manager for a small five-physician medical practice that uses electronic medical records (EMR) but has never performed a HIPAA security risk assessment. You need to prepare for the upcoming HIPAA Audit, and the healthIT.gov site recommends performing a security risk assessment using their Security Risk Assessment (SRA) tool (downloadable or paper).

Based on the scenario above, review the questions in the Administrative Safeguards portion of the tool. This private practice has many written policies, but the policies are often not updated, and training of new personnel on HIPAA requirements is a bit haphazard and not well coordinated. The practice does not have a formally appointed security contact, although the office general manager is the one that most people go to. The one-person IT professional tries to protect the patients’ information and access to that information as well as possible, but people who leave the organization are often not immediately removed from having that access. Physical access to the building does require key card access, but the building entrance is not monitored by cameras, and there is no requirement to sign in. The company has not formally documented and mapped relevant business associates and has not secured business associate agreements related to patient information security. Although the receptionist area has a high counter, and patients typically cannot see the receptionist’s computer screen, patients are able to hear the phone conversations in the receptionist area. Access to the medical records is password protected but not encrypted, and not all computer screens lock automatically when idle.

  1. Identify at least 10 Administrative Safeguard questions from the tool that you think are particularly relevant to this organization. Identify each by number and the specific wording of the question.
  2. Discuss at least five identified threats or vulnerabilities and discuss the likelihood and overall impact of each of these vulnerabilities in a table like the one below for each threat/vulnerability (You should have five tables).

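| Impact | Likelihood: Low | Likelihood: Medium | Likelihood: High |
|--------|-----------------|--------------------|------------------|
| Low    | Low Risk        | Low Risk           | Low Risk         |
| Medium | Low Risk        | Medium Risk        | Medium Risk      |
| High   | Low Risk        | Medium Risk        | High Risk        |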

  3. For each threat/vulnerability, describe one or more safeguards that could be implemented against the threat/vulnerability. Suggested safeguards can be found in the SRA tool.
  4. Write a summary that discusses what you learned by participating in this exercise. Discuss how difficult and costly completing this assessment might be for the small medical practice described in this case. Recommend possible solutions to make this assessment process possible for this small practice.

Assignment Requirements

  • 5-6 pages of content (exclusive of cover sheet and references page), using Times New Roman font style, 12pt, double-spaced, using correct APA formatting, and include a cover sheet, table of contents, abstract, and reference page(s)
  • At least 1 credible source cited and referenced
  • No spelling errors
  • No grammar errors
  • No APA errors

For more information and examples of APA formatting, visit APA Central or the library under Academic Tools in this course.

Also review the Policy on Plagiarism. If you have any questions, please contact your professor.

Directions for Submitting Your Assignment

Name your Assignment document according to this convention: YourLastName_IT591_Unit4. Submit your completed Assignment to the Unit 4 Dropbox by the deadline.

Review the rubric before beginning this activity.

Unformatted Attachment Preview

1/6/2019 Sample Content Topic

Assignment Details

Preparing for a HIPAA Audit

Outcomes addressed in this activity:

Unit Outcomes:

  • Define administrative, technical, and physical safeguards for HIPAA.
  • Apply administrative, technical, and physical safeguards in a case scenario.
  • Examine an audit process.
  • Apply a checklist to prepare for an audit in a real-world scenario.

Course Outcome practiced in this unit:

IT591-3: Apply auditing processes within a technical scenario.

Purpose

In this assignment, you will be provided a scenario in which you need to prepare for a HIPAA audit using materials found on the healthIT.gov website and using a government provided online or downloadable tool to perform a risk assessment.

Tutor Answer

writercollins
School: Duke University

Attached.

Running Head: SECURITY RISK ASSESSMENT

Security Risk Assessment
Student Name:
Student Number:
Institutional Affiliation:

Table of Contents
Security Risk Assessment
Abstract
Vulnerabilities and Threats
Tables
Conclusion
References

Security Risk Assessment
Discuss at least five identified threats or vulnerabilities and discuss the likelihood and overall impact of each of these vulnerabilities in a table. For each threat/vulnerability, describe one or more safeguards that could be implemented against the threat/vulnerability.
Abstract
Security management standard dictates that organisations should implement policies and procedures in a manner that security violations can be prevented, detected, corrected and contained. Vulnerability refers to a weakness or flaw in a system security design, procedure, internal controls and implementation that could be done and cause a breach in security or violate the security policy of the system. Vulnerabilities in security systems are either technical or non-technical. Technical vulnerabilities comprise of flaws, holes or wea...

Review

Anonymous
Tutor went the extra mile to help me with this essay. Citations were a bit shaky but I appreciated how well he handled APA styles and how ok he was to change them even though I didn't specify. Got a B+ which is believable and acceptable.
